Facebook Improves Security With Secure Browsing, Social Authentication

Martin Brinkmann
Jan 26, 2011
Updated • Jan 18, 2015

Facebook today announced two changes to the popular social networking site that aim to improve the security of site visitors.

Secure Browsing is a new opt-in setting that configures Facebook to always use https connections. Facebook already uses a secure connection when the user logs into the network, but it does not keep that secure connection for the entire session.

Update: Facebook has enabled https by default and does not switch back to http anywhere on the site. This means that the secure browsing feature has been removed as it is no longer required. Update End

Enabling secure browsing for an account ensures that data cannot be monitored by other users of the network or the ISP. That's especially useful when public computers or networks are used to connect to Facebook.
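The difference between login-only https and https for the whole session can be checked from a recorded response chain. The following Python code is an added example, not part of the original article or of Facebook's code; the host `social.example`, the cookie names and both sample chains are constructed for illustration. It flags the points where a session that started over https falls back to http.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample: (request URL, response headers) for a login followed by
# the first page of the session. Login is https, the session itself is not.
LOGIN_ONLY_HTTPS = [
    ("https://social.example/login", [
        ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
        ("Location", "http://social.example/home"),
    ]),
    ("http://social.example/home", [("Set-Cookie", "prefs=compact; Path=/")]),
]
# Constructed sample: the same flow when https is kept for the whole session.
ALWAYS_HTTPS = [
    ("https://social.example/login", [
        ("Set-Cookie", "session=abc123; Path=/; HttpOnly; Secure"),
        ("Location", "https://social.example/home"),
    ]),
    ("https://social.example/home", []),
]


def audit_chain(chain):
    """Return (finding, detail) tuples for places where the session leaves https."""
    findings = []
    for url, headers in chain:
        on_https = urlsplit(url).scheme == "https"
        if not on_https:
            # The whole request, cookies included, is readable on the network.
            findings.append(("cleartext-request", url))
        for name, value in headers:
            header = name.lower()
            if header == "location" and on_https:
                # A secure page that redirects to http ends the protection.
                if urlsplit(value).scheme == "http":
                    findings.append(("downgrade-redirect", value))
            elif header == "set-cookie":
                jar = SimpleCookie()
                jar.load(value)
                for cookie_name, morsel in jar.items():
                    # Without the Secure attribute the browser also sends
                    # the cookie over plain http connections.
                    if not morsel["secure"]:
                        findings.append(("cookie-without-secure", cookie_name))
    return findings


if __name__ == "__main__":
    for label, chain in (("login-only", LOGIN_ONLY_HTTPS), ("always", ALWAYS_HTTPS)):
        print(label, audit_chain(chain))
```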

The new option will be rolled out gradually over the coming weeks. Users will find it under Account Settings > Account Security. They need to check "Browse Facebook on a secure connection (https) whenever possible" under Secure Browsing (HTTPS).


Starting today we'll provide you with the ability to experience Facebook entirely over HTTPS. You should consider enabling this option if you frequently use Facebook from public Internet access points found at coffee shops, airports, libraries or schools. The option will exist as part of our advanced security features, which you can find in the "Account Security" section of the Account Settings page.

There are a few things you should keep in mind before deciding to enable HTTPS. Encrypted pages take longer to load, so you may notice that Facebook is slower using HTTPS. In addition, some Facebook features, including many third-party applications, are not currently supported in HTTPS. We'll be working hard to resolve these remaining issues. We are rolling this out slowly over the next few weeks, but you will be able to turn this feature on in your Account Settings soon. We hope to offer HTTPS as a default whenever you are using Facebook sometime in the future.

Social Authentication is currently being tested on Facebook. Facebook sometimes displays captchas when account irregularities are detected. Text captchas are highly problematic for a number of reasons. They are at times hard to decipher and only protect against some computer-based attacks. Human attackers, on the other hand, are not kept away, as they can solve the captcha as easily as the account holder.

Social Authentication changes the captchas. Instead of displaying random, hard-to-read text, they show friends of the user and options to identify those friends. While attackers can still answer these challenges, they pose a greater challenge than text captchas.


Many sites around the web use a type of challenge-response test called a captcha in their registration or purchasing flows. The purpose of this test is to verify that you are a human being and not a computer trying to game the system. Traditional captchas have a number of limitations including being (at times) incredibly hard to decipher and, since they are only meant to defend against attacks by computers, vulnerable to human hackers.

Instead of showing you a traditional captcha on Facebook, one of the ways we may help verify your identity is through social authentication. We will show you a few pictures of your friends and ask you to name the person in those photos. Hackers halfway across the world might know your password, but they don't know who your friends are.

We will continue to test social authentication and gather feedback from you and the security community on how to make this and other social features safe and useful.

What's your take on the new security improvements?




  1. Antony Melvin said on July 8, 2011 at 6:55 pm

    I play FarmVille and Empires & Allies. After switching off HTTPS, the page goes blank and the only thing which I can see is the header and footer of the Facebook page and nothing else…. :( Can anyone help me in this pleaseeee????

  2. AdeleMB said on February 25, 2011 at 12:33 am

    I think this is great and am using it, but I love Scrabble and Bejeweled so have to keep turning the security off. But HTTPS will be brilliant when the 3rd party apps are fixed :-)

  3. DotNetNoob said on January 27, 2011 at 9:49 pm

    The social authentication adds little security. Instead it introduces new privacy issues on Facebook. I explain why on my blog. But the HTTPS was a good move!

  4. tv stand furniture said on January 27, 2011 at 1:39 pm

    It’s a great idea. I am a Facebook lover and I am always wondering how secure my account is. Anyway thanks for these wonderful thoughts. I would have to inform my friends about it. For sure they will love it as well. Keep on posting such astonishing articles. I would love to visit it every day.

  5. Dan said on January 26, 2011 at 10:25 pm

    I’d like to say that while the idea of face identification seems nice, I have MANY friends who put pictures of cartoons, their kids, etc. on as their avatar and I can’t identify them that way.

    Also, for people who make “friends” and have hundreds in their list, they may not be able to identify them either.
